CVE-2005-0868 Information

Description

AS/400 Telnet 5250 terminal emulation clients as implemented by (1) IBM client access (2) Bosanova (3) PowerTerm (4) Mochasoft and possibly other emulations allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command) as demonstrated by creating a backdoor account using REXEC.

Reference

http://marc.info/?l=bugtraq&m=111160242803070&w=2 http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf